Security
Author: Lucian Oprea (@LucianDSA_)
00:30:00
Authentication & Authorization
1. What is the difference between authentication and authorization?
2. How does OAuth 2.0 work, and where would you use it in a microservices architecture?
3. Explain the concept of JWT (JSON Web Tokens) and how they are used for securing APIs.
4. What are RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control), and how do they differ?
5. How would you implement single sign-on (SSO) in a distributed system?
6. What are some common vulnerabilities associated with authentication mechanisms?
7. How can you prevent privilege escalation in a microservices environment?
8. Describe a scenario where JWT can be exploited and how to mitigate it.
9. How would you design an authorization system that supports both RBAC and ABAC?
10. Explain how to securely rotate signing keys for JWT without disrupting active sessions.
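Questions 3, 8 and 10 fit together in one piece of code: a minimal HS256 JWT issuer and verifier that pins the accepted algorithm (so an `alg: none` or algorithm-confusion token is rejected before the signature is even looked at), selects the verification key by the `kid` header, and rotates keys by keeping the previous key verifiable until every token signed with it has expired. This is an added example written for this page, not code from the author; the key set, key IDs, token lifetime and claim values are assumptions, and a real deployment would use a KMS-backed key store and an asymmetric algorithm rather than hard-coded HMAC secrets.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Hypothetical key set for a token-issuing service (assumed values): the current
# signing key plus the previous one, so tokens issued before a rotation still
# verify until they expire.
KEYS = {
    "2024-01": b"old-hs256-secret-for-rotation-demo-0000000000000000",
    "2024-02": b"new-hs256-secret-for-rotation-demo-1111111111111111",
}
CURRENT_KID = "2024-02"
ALLOWED_ALGS = {"HS256"}   # the server fixes the algorithm; the token never chooses it
TOKEN_LIFETIME = 900       # seconds; bounds how long a superseded key must stay verifiable


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def sign(claims: dict, kid: Optional[str] = None, now: Optional[float] = None) -> str:
    """Issue an HS256 JWT whose header names the key (kid) that signed it."""
    kid = CURRENT_KID if kid is None else kid
    now = time.time() if now is None else now
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    body = dict(claims)
    body.setdefault("iat", int(now))
    body.setdefault("exp", int(now) + TOKEN_LIFETIME)
    signing_input = encode_segment(header) + "." + encode_segment(body)
    sig = hmac.new(KEYS[kid], signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify(token: str, now: Optional[float] = None) -> dict:
    """Return the claims if the token is well-formed, signed by a known key and unexpired."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") not in ALLOWED_ALGS:       # rejects "none" and algorithm confusion
        raise ValueError("unsupported or missing alg")
    kid = header.get("kid")
    key = KEYS.get(kid) if isinstance(kid, str) else None
    if key is None:                                  # unknown or already-retired key
        raise ValueError("unknown kid")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):   # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p_b64))
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("missing or expired exp")
    return claims


def rotate(new_kid: str, new_key: bytes) -> None:
    """Start signing with a new key; existing keys stay valid for verification only."""
    global CURRENT_KID
    KEYS[new_kid] = new_key
    CURRENT_KID = new_kid


def retire(kid: str) -> None:
    """Drop a key once TOKEN_LIFETIME has elapsed since it last signed a token."""
    if kid == CURRENT_KID:
        raise ValueError("cannot retire the current signing key")
    KEYS.pop(kid, None)


if __name__ == "__main__":
    token = sign({"sub": "alice"})
    print(verify(token))
    rotate("2024-03", b"next-hs256-secret-for-rotation-demo-2222222222222222")
    print(verify(token))          # still valid: signed by a key that is kept for verification
```

The rotation order that keeps sessions alive is: publish the new key to verifiers, start signing with it, wait at least one token lifetime, then retire the old key. Retiring first would invalidate every token the old key signed.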
Encryption & Data Protection
11. What are the differences between symmetric and asymmetric encryption?
12. How does TLS secure data in transit, and what are its main components?
13. Explain the concept of end-to-end encryption and where it is applicable.
14. What is data at rest encryption, and why is it important?
15. How do hashing algorithms differ from encryption algorithms?
16. What are some best practices for managing encryption keys?
17. How would you handle encryption key rotation in a live system without downtime?
18. Describe a situation where improper encryption implementation led to a security breach.
19. Explain how to securely store and manage secrets in a Kubernetes-based microservices architecture.
Network Security
20. What is a firewall, and how does it protect a network?
21. Explain the concept of a VPN and its use cases.
22. What are the differences between HTTP and HTTPS in terms of security?
23. How do network segmentation and micro-segmentation enhance security in a cloud environment?
24. What is a DMZ (Demilitarized Zone) and why is it used?
25. Describe how SSL/TLS works at the network level.
26. How would you secure inter-service communication in a microservices architecture without relying solely on network policies?
27. How can you detect and mitigate a man-in-the-middle (MITM) attack in a distributed system?
28. Describe the process of securing a Kubernetes cluster's network traffic using service meshes like Istio.
API Security
29. What are some common security vulnerabilities in APIs, and how can they be mitigated?
30. Explain the concept of rate limiting and its importance in API security.
31. How does an API gateway contribute to securing microservices?
32. What is input validation, and why is it critical for API security?
33. Describe how CORS (Cross-Origin Resource Sharing) works and its security implications.
34. What are API tokens, and how do they differ from API keys?
35. How would you secure a public API that requires both high availability and strict access controls?
36. Explain how to implement mutual TLS for API authentication and authorization.
37. Describe a strategy to protect APIs against automated bot attacks and scraping.
38. How can you ensure secure versioning of APIs without exposing sensitive information?
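Questions 30, 31 and 37 all touch rate limiting at the gateway. The added example below (written for this page, not code from the author) is a per-client token bucket of the kind an API gateway applies before a request reaches a service: each client gets a burst allowance that refills at a fixed rate, authenticated callers are keyed by a hash of their bearer token rather than by IP (so one abusive token cannot exhaust the budget of everyone behind the same NAT), and a denied request returns 429 with a computed Retry-After. The rate, capacity, key prefixes and the `handle` wrapper are assumptions; the clock is injectable so the behaviour can be demonstrated deterministically.

```python
import hashlib
import math
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Bucket:
    tokens: float   # tokens currently available for this client
    last: float     # clock reading at the last refill


class ManualClock:
    """Deterministic clock for demos and tests; advance it by setting .t."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


class TokenBucketLimiter:
    """Per-client token bucket: refills `rate` tokens per second, bursts up to `capacity`."""

    def __init__(self, rate: float, capacity: int,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.rate = rate
        self.capacity = capacity
        self.clock = clock
        self.buckets: Dict[str, Bucket] = {}

    def allow(self, client_key: str, cost: float = 1.0) -> bool:
        """Consume `cost` tokens for this client if available; False means reject."""
        now = self.clock()
        bucket = self.buckets.get(client_key)
        if bucket is None:
            bucket = self.buckets[client_key] = Bucket(float(self.capacity), now)
        # Refill in proportion to elapsed time, never beyond the burst capacity.
        bucket.tokens = min(float(self.capacity),
                            bucket.tokens + (now - bucket.last) * self.rate)
        bucket.last = now
        if bucket.tokens >= cost:
            bucket.tokens -= cost
            return True
        return False

    def retry_after(self, client_key: str, cost: float = 1.0) -> float:
        """Seconds until `cost` tokens will be available; used for the Retry-After header."""
        bucket = self.buckets.get(client_key)
        if bucket is None or bucket.tokens >= cost:
            return 0.0
        return (cost - bucket.tokens) / self.rate


def client_key(authorization: Optional[str], remote_addr: str) -> str:
    """Key authenticated callers by a hash of their bearer token, anonymous ones by IP.

    Hashing avoids keeping the raw credential around as a dictionary key (assumed scheme).
    """
    if authorization and authorization.lower().startswith("bearer "):
        token = authorization[7:].strip()
        return "token:" + hashlib.sha256(token.encode()).hexdigest()[:16]
    return "ip:" + remote_addr


def handle(limiter: TokenBucketLimiter, authorization: Optional[str],
           remote_addr: str) -> Dict[str, object]:
    """Gateway-side decision (assumed shape): 429 plus Retry-After when the bucket is empty."""
    key = client_key(authorization, remote_addr)
    if limiter.allow(key):
        return {"status": 200, "headers": {}}
    wait = max(1, math.ceil(limiter.retry_after(key)))
    return {"status": 429, "headers": {"Retry-After": str(wait)}}


if __name__ == "__main__":
    clock = ManualClock()
    limiter = TokenBucketLimiter(rate=1.0, capacity=5, clock=clock)
    for _ in range(7):                       # burst of 7: first 5 pass, last 2 are throttled
        print(handle(limiter, None, "203.0.113.7"))
    clock.t = 2.0                            # two seconds later, two tokens have refilled
    print(handle(limiter, None, "203.0.113.7"))
```

Capacity bounds the burst a scraper can get through before the limiter bites; rate bounds its sustained throughput. Both should be set per route (login and password-reset endpoints get far lower numbers than read-only catalogue endpoints), and the counters need a shared store such as Redis once more than one gateway instance is serving traffic.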
Security Monitoring & Auditing
39. What are the key components of an effective security monitoring system?
40. How do SIEM (Security Information and Event Management) tools work?
41. Explain the importance of logging in security auditing.
42. What is anomaly detection in the context of security, and how can it be implemented?
43. How would you set up monitoring for suspicious activities in a Kafka cluster?
44. Describe how to correlate events from multiple microservices to detect a coordinated attack.
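Question 44 (and the detection side of 42) is easiest to answer with a concrete correlation rule. The added example below is written for this page, not taken from the author: it ingests structured log lines from several services, groups them by source IP, and raises an alert when one IP accumulates a threshold of authentication failures across at least two different services inside a sliding time window, then checks whether a success followed (the pattern of a credential-stuffing run that eventually lands a valid account). The log lines are constructed for the example, the field names (`ts`, `service`, `event`, `src_ip`, `user`) and the thresholds are assumptions, and the addresses come from the documentation ranges.

```python
import json
from collections import defaultdict
from datetime import datetime
from typing import Dict, Iterable, List

# Constructed sample log lines, as three services might emit them (not real logs).
# Deliberately out of order, since logs from different services rarely arrive sorted.
SAMPLE_LOGS = [
    '{"ts":"2024-03-01T10:00:05Z","service":"auth-service","event":"auth_failure","src_ip":"203.0.113.7","user":"bob"}',
    '{"ts":"2024-03-01T10:00:00Z","service":"auth-service","event":"auth_failure","src_ip":"203.0.113.7","user":"alice"}',
    '{"ts":"2024-03-01T10:00:03Z","service":"auth-service","event":"auth_failure","src_ip":"198.51.100.9","user":"frank"}',
    '{"ts":"2024-03-01T10:00:12Z","service":"api-gateway","event":"auth_failure","src_ip":"203.0.113.7","user":"carol"}',
    '{"ts":"2024-03-01T10:00:20Z","service":"payments","event":"auth_failure","src_ip":"203.0.113.7","user":"dave"}',
    '{"ts":"2024-03-01T10:00:22Z","service":"api-gateway","event":"auth_success","src_ip":"192.0.2.10","user":"grace"}',
    '{"ts":"2024-03-01T10:00:31Z","service":"auth-service","event":"auth_failure","src_ip":"203.0.113.7","user":"erin"}',
    '{"ts":"2024-03-01T10:00:40Z","service":"auth-service","event":"auth_failure","src_ip":"198.51.100.9","user":"frank"}',
    '{"ts":"2024-03-01T10:00:45Z","service":"auth-service","event":"auth_success","src_ip":"203.0.113.7","user":"erin"}',
]


def parse_line(line: str) -> dict:
    """Parse one JSON log line and normalise its RFC 3339 timestamp to epoch seconds."""
    rec = json.loads(line)
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00")).timestamp()
    return rec


def correlate(lines: Iterable[str], window_s: int = 60, threshold: int = 5,
              min_services: int = 2) -> List[dict]:
    """Alert on IPs with >= threshold auth failures across >= min_services within window_s."""
    events = sorted((parse_line(line) for line in lines), key=lambda r: r["ts"])
    by_ip: Dict[str, List[dict]] = defaultdict(list)
    for ev in events:
        by_ip[ev["src_ip"]].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["event"] == "auth_failure"]
        start = 0
        for end in range(len(failures)):
            # Slide the window start forward until it spans at most window_s seconds.
            while failures[end]["ts"] - failures[start]["ts"] > window_s:
                start += 1
            window = failures[start:end + 1]
            services = {e["service"] for e in window}
            if len(window) >= threshold and len(services) >= min_services:
                last_fail = window[-1]["ts"]
                success_after = any(e["event"] == "auth_success" and e["ts"] > last_fail
                                    for e in evs)
                alerts.append({
                    "src_ip": ip,
                    "failures": len(window),
                    "services": sorted(services),
                    "users": sorted({e["user"] for e in window}),
                    "window": (window[0]["ts"], last_fail),
                    "followed_by_success": success_after,
                })
                break   # one alert per IP per run; a SIEM would dedupe on (ip, window)
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(json.dumps(alert, indent=2))
```

The rule only works because every service logs the same field names and a clock-synchronised timestamp; that schema discipline (and propagating a request or trace ID so failures on the gateway can be tied to the same request on the backend) is the real prerequisite for cross-service correlation. Per-service thresholds alone would miss this run, since no single service saw more than three failures.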
Vulnerability Management
45. What is the difference between vulnerability scanning and penetration testing?
46. How do you prioritize vulnerabilities once they are identified?
47. Explain the concept of a CVE (Common Vulnerabilities and Exposures).
48. What are some tools used for vulnerability assessment in containerized environments?
49. Describe the process of patch management in a microservices architecture.
50. How does the OWASP Top Ten list help in securing applications?
51. How would you handle zero-day vulnerabilities in critical components of your system?
52. Describe a strategy to continuously integrate vulnerability assessments into your CI/CD pipeline.
53. Explain how to securely manage and update third-party libraries in a multi-language microservices ecosystem.
Security Best Practices in Microservices
54. What are some security challenges unique to microservices compared to monolithic architectures?
55. How does the principle of least privilege apply to microservices?
56. Explain the concept of "secure by design" in the context of microservices.
57. How can service meshes enhance the security of microservices communications?
58. Describe how to implement security testing in a microservices development lifecycle.
59. How would you design a secure authentication flow across multiple microservices without creating a single point of failure?
60. Explain how to handle secret management for numerous microservices without exposing sensitive data.
61. How can you ensure data consistency and security when implementing distributed transactions in microservices?